Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

Martin Pitt wrote:
-- Start of PGP signed section.
> Peter Eisentraut [2009-04-10 14:56 +0300]:
> > I assume the server has the snakeoil certificate installed?
>
> It is a self-signed certificate indeed (Debian's ssl-cert package).
>
> > In that case, it is correct that the client refuses to proceed,
> > although the exact manner of breaking could perhaps be improved.
>
> That may be true for 8.4, and I'm could stop configuring the snakeoil
> certificate by default. That would make configuring a server for a
> real SSL certificate harder than it needs to be, though.
>
> However, we can't afford to break existing installations. If a user
> has 8.4 installed locally, he'll use libpq from 8.4, and suddenly he
> could not connect to a remote SSL 8.3 cluster any more. So the check
> needs at least be turned into a warning for connecting to a pre-8.4
> server.
>
> Also, the error message needs to be much clearer. Right now it just
> tells you that it couldn't find a per-user root.crt and fails. So as
> an user, I wonder: What is that file? I don't have one, where should I
> get it from? And why does each user need to have its own?
>
> html/libpq-ssl.html describes it fairly well:
>
> "When the sslverify parameter is set to cn or cert, libpq will
> verify that the server certificate is trustworthy by checking the
> certificate chain up to a CA. For this to work, place the
> certificate of a trusted CA in the file ~/.postgresql/root.crt in
> the user's home directory. libpq will then verify that the server's
> certificate is signed by one of the trusted certificate
> authorities."
>
> Nowhere does it say that the connection will fail immediately if you
> do not have a root.crt. man psql(1) does not have any word about it,
> like how to set the sslverify argument.

I noticed you didn't quote the next sentence:

The SSL connection will fail if the server does not present a trusted
certificate.

Which clearly explains _a_ failure, but doesn't link it well to the
behavior. I agree the wording needs improvement so I have update the
doc paragraph to mention "requires" at the beginning":

When the sslverify parameter is set to cn or cert, libpq requires a
trustworthy server certificate by checking the certificate chain up to a
CA. To allow verification, place the certificate of a trusted CA in the
file ~/.postgresql/root.crt in the user's home directory. (On Microsoft
Windows the file is named %APPDATA%\postgresql\root.crt.) libpq will
then verify that the server's certificate is signed by one of the
trusted certificate authorities. The SSL connection will fail if the
server does not present a trusted certificate.

I will now look at improving the libpq error message.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +